How Broadcom simplifies compliance for federal customers with Assured Workloads
Head of Platform Engineering, Broadcom
Broadcom is a global technology leader that designs, develops, and supplies many semiconductor and infrastructure software solutions. Broadcom’s category-leading product portfolio serves critical markets including data center, networking, software, broadband, wireless, storage, and industrial sectors.
Our customers, many of whom operate in the federal public sector, need ready-made SaaS solutions to secure their infrastructure while meeting compliance requirements. As head of platform engineering for Broadcom and its subsidiaries, my team is responsible for designing, testing, and building the common orchestration platform and services for our federal customers.
Since early 2021, we’ve partnered with Google Cloud to deliver best-in-class cloud solutions for our multinational customers with speed, scale and efficiency, which earned us the Google Cloud Customer of the Year Award. When it came to creating plug-and-play security and compliance solutions for federal organizations in the United States, we turned to Assured Workloads.
Simplifying the path to compliance
Assured Workloads provides out-of-the-box capabilities that allow us to easily create and maintain controlled environments that address security and compliance needs across different verticals and sectors. This includes enforcement of data residency, administrative and personnel controls, and managing encryption keys.
For example, in the United States, federal government agencies need to use solutions that comply with FedRAMP, the government-wide standard for cloud computing security, while the Department of Defense (DoD) needs to comply with Impact Level (IL) standards. Assured Workloads helps us create solutions with built-in guardrails to ensure our customers automatically operate within whichever standard applies.
Additionally, Assured Workloads guarantees that only personnel with the necessary clearance and permissions have access to information, and it offers integrated cryptographic control over data, including customer-managed encryption keys based on the chosen compliance program.
As a result of using Assured Workloads, our Symantec Security suite can provide a comprehensive set of security services that are being certified for FedRAMP. These include Web Security Service, Data Loss Prevention, Cloud Access Security Broker, and Symantec Endpoint Protection (SEP).
We also offer our enterprise software products as services through Google Cloud. Rally Software, our enterprise agility tool, and Clarity PPM, our project and portfolio management tool, are already certified for FedRAMP. Additionally Clarity PPM is undergoing certification for IL4 compliance for our DoD clients.
Sophisticated solutions for a secure future
Given the intricate nature of securing the cloud environment and the business processes it handles, integrating Assured Workloads into our service offering has been simple and streamlined. Many of our services already run on Google Cloud, using Google Kubernetes Engine and Google Compute Engine, and since those Google Cloud services can be configured for all programs in an Assured Workloads environment, we were able to provide solutions to federal agencies without making significant changes to our deployment or configurations. This has helped save enormous engineering effort by avoiding a customized one-off effort to manage a Federal environment.
Google Kubernetes Engine (GKE) is one of the critical services in our environment, and Google Cloud releases many new GKE capabilities each year. Assured Workloads allows us to benefit from all the latest GKE innovations that come through automatic updates, maintaining parity with the commercial cloud without compromising on security and compliance requirements.
Compliance is a must-have for our federal clients, and our duty as providers of security and software services is to supply them with easy-to-use, efficient solutions they can trust. With the power of Assured Workloads streamlining our infrastructure software solutions hosted in Google Cloud, we can better support our regulated customers and further grow our software and security service businesses.